website as flake input, declarative build via wynne-deploy

Source fetched by Nix from Forgejo, build runs on server with DB access for prerendering. No manual git clone/pull needed.
2026-04-05 02:07:03 +01:00 · 2026-04-05 02:07:03 +01:00 · f29e88ad1e
commit f29e88ad1e
parent 0c36b497c8
3 changed files with 20 additions and 7 deletions
--- a/flake.nix
+++ b/flake.nix
@ -7,11 +7,16 @@
      url = "github:Mic92/sops-nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
+    website = {
+      url = "git+ssh://forgejo@git.ily.rs:4201/lew/website.git";
+      flake = false;
+    };
  };

-  outputs = { self, nixpkgs, sops-nix, ... }: {
+  outputs = { self, nixpkgs, sops-nix, website, ... }: {
    nixosConfigurations.lab = nixpkgs.lib.nixosSystem {
      system = "aarch64-linux";
+      specialArgs = { inherit website; };
      modules = [
        sops-nix.nixosModules.sops
        ./hosts/lab
--- a/hosts/lab/wynne.nix
+++ b/hosts/lab/wynne.nix
@ -1,12 +1,15 @@
-{ pkgs, ... }:
+{ pkgs, website, ... }:
 let
  port = 4322;
  dataDir = "/srv/wynne";
+  buildDir = "${dataDir}/build";

  deployScript = pkgs.writeShellScript "wynne-deploy" ''
    set -e
-    cd ${dataDir}/repo
-    ${pkgs.git}/bin/git pull
+    rm -rf ${buildDir}
+    cp -r ${website} ${buildDir}
+    chmod -R u+w ${buildDir}
+    cd ${buildDir}
    ${pkgs.pnpm}/bin/pnpm install --frozen-lockfile
    ASTRO_DB_REMOTE_URL=file:${dataDir}/data/guestbook.db ${pkgs.pnpm}/bin/pnpm build
  '';
@ -27,9 +30,9 @@ in

  systemd.services.wynne-deploy = {
    description = "Build wynne.rs from source";
+    path = [ pkgs.nodejs ];
    serviceConfig = {
      Type = "oneshot";
-      User = "lew";
      ExecStart = deployScript;
    };
  };
@ -46,12 +49,12 @@ in
    };
    serviceConfig = {
      Type = "simple";
-      WorkingDirectory = "${dataDir}/repo";
+      WorkingDirectory = buildDir;
      ExecStart = "${pkgs.nodejs}/bin/node dist/server/entry.mjs";
      Restart = "on-failure";
      User = "wynne";
      Group = "wynne";
-      ReadWritePaths = [ "${dataDir}/data" ];
+      ReadWritePaths = [ dataDir ];
    };
  };

--- a/5
+++ b/5
@ -14,3 +14,8 @@ check:
 update:
    git pull
    sudo nixos-rebuild switch --flake /etc/nixos#lab
+
+[doc("Pull latest website source, then rebuild and activate")]
+update-site:
+    nix flake update website
+    sudo nixos-rebuild switch --flake /etc/nixos#lab